I'm pretty sure that this is the same thing I described you just wrote all the servlet
code yourself instead of having the jsp engine do it for you. That still leaves the
ugly and race condition problems I described. Am I wrong?
-Cavan
----- Original Message -----
From: "Jayson Yu" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Tuesday, December 18, 2001 6:27 PM
Subject: Re: Session
> You are right, this is not very efficient, I strongly suggest using
> servlets. If you do you can
> place all user info you would possibly need in an httpsession.
>
> You can in fact create a new session after athentication, you can also
> create a class
> containing the attributes you want to save on each session (e.g. name,
> address, sex,
> access code etc.).
>
> For example:
>
> // this is your function to verify the user agains your DB
> if CheckUser(loginname, password)
> {
>
> HttpSession websession = request.getSession(true);
>
> // Sessions is a user made class that contains the
> // methods and properties you want the session to have.
> Sessions thissession = new Sessions();
>
> // 30 minutes
> websession.setMaxInactiveInterval(1800);
>
> String sessid;
>
> // Just replace this method with one of yours.
> sessid=GenericTools.generateRandomSessionCode(25);
>
> websession.putValue("mysession",thissession);
> ((Sessions)websession.getValue("mysession")).setSessionCode(sessid);
> ((Sessions)websession.getValue("mysession")).setName(login_name);
>
>
> }
>
>
> getting information from your session is equally easy:
>
> HttpSession websession = request.getSession(true);
> if (websession.getValue("mysession")!=null)
> {
>
>login_name=((Sessions)websession.getValue("mysession")).getName();
> }
>
> Of course your Sessions class must have the setSessionCode, setName and
> getName methods.
>
> Hope this helps.
>
> json
>
>
> At 05:41 PM 12/18/01 -0800, you wrote:
> >If anyone solves this it would be a great help to me as well. I am
> >currently using a clumsy work around that doesn't always work.
> >
> >I have a User object that contains a lot of information about the users
> >that could be very useful on various pages. I'd like to simply fill this
> >object and add it to the session upon authentication for later use. I
> >haven't found a way to do that yet.
> >
> >My work around is to do a pageContext.include() of a jsp that does the
> >following on every page.
> >
> > String name = request.getRemoteUser();
> > User user = (User)session.getAttribute("USER_OBJECT");
> > if(name!=null&&user==null) {
> > user = User.getUserByName(datasource, name);
> > session.setAttribute("USER_OBJECT", user);
> > }
> >
> >This has two problems though.
> >1) It's a waste of time to have to do this on every page.
> >2) It can create a race condition if the page it's include in needs to use
> >the User object immediately. If I do the following the User object
> >generally ends up being null.
> >
> > pageContext.include("login.jsp");
> > User user = (User)session.getAttribute("USER_OBJECT");
> >
> >I think the ability to do this properly would be a great help to a lot of
> >people and contribute to cleaner and faster servlet and jsp applications.
> >Being able to specify a method that takes the username and password to be
> >run on successful authentication would do it.
> >
> >-Cavan
> >
> >----- Original Message -----
> >From: "Jon Weinberg" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Tuesday, December 18, 2001 4:08 PM
> >Subject: Session
> >
> >
> >I am running Tomcat 4.0 with form-based authentication. I would like to
> >add some user-specific variables into the session as soon as the user logs
> >in (that is, as soon as the user logs in, I want to get the username from
> >the form, use it to query my DB, put some results into the user's session,
> >and have the user continue on to the page he originally requested.)
> >
> >I have tried a number of solutions that don't work:
> >
> >1) I've tried having the login form's action send the info to a servlet
> >that does the processing and then forwards the request to
> >"j_security_check", but that solution only works in 3.2 and not in 4.0
> >
> >2) I have attached an HttpSessionListener, but since the session is
> >created before the user actually logs in, my listener does not yet have
> >the username and cannot complete the preprocessing.
> >
> >Is there a way for me to execute something right AFTER a user authenticates?
> >
> >Thanks,
> >Jon
> >
> >
> >
> >--
> >To unsubscribe: <mailto:[EMAIL PROTECTED]>
> >For additional commands: <mailto:[EMAIL PROTECTED]>
> >Troubles with the list: <mailto:[EMAIL PROTECTED]>
>
>
> --
> To unsubscribe: <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
>
>
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
